[Cryptography] Maybe those million-bit-key cryptosystems have something to offer after all....

Jerry Leichter leichter at lrw.com
Sat Jul 28 07:05:44 EDT 2018

A common theme of amateurish or over-hyped cryptosystems - at least a couple of years back; this seems to have faded - was the use of super-long keys for "higher security".  Realistically, all a longer key gives you is security against brute force attack, and 256 bits is already way beyond anything that can be attacked by any foreseeable technology.  And yet....

Consider https://arstechnica.com/gadgets/2018/07/new-spectre-attack-enables-secrets-to-be-leaked-over-a-network/ (contains link to the technical paper) which describes a Spectre-like attack that can be carried out over a network, without downloading any code to the system under attack.  It's one of a class of slow side-channel attacks - very slow; 1-3 bits per hour attacking a system in the Google Cloud over the Internet.  (They got it up to a bit per minute over a local network.)

There are very few secrets worth stealing at these rates.  Except, of course, for keys.  Keys serve as information concentrators:  Leak 256 bits and in the right circumstances you've effectively leaked Gigabytes.

A workaround would be to stretch a 256-bit key in memory however long you want it - e.g., store each bit as the parity of a(n almost) random 64-bit value.  But to use any standard AES implementation, you need to synthesize the 256-bit form - and it can then be leaked.  An implementation that pulled in one bit at a time might be possible, though likely impossibly slow.

                                                        -- Jerry
                                                  With at least half a :-)

More information about the cryptography mailing list